nanog mailing list archives
Re: Firewalls - Ease of Use and Maintenance?
From: Jimmy Hess <mysidia () gmail com>
Date: Thu, 10 Nov 2011 07:36:58 -0600
On Wed, Nov 9, 2011 at 2:44 PM, Nick Hilliard <nick () foobar org> wrote:
> On 09/11/2011 19:07, C. Jon Larsen wrote:
>
> As I said, it's not a pf problem. Commercial firewalls will do all this sort of thing off the shelf. It's a pain to have to write scripts to do this manually.
Ah... the high cost of 'free' products, you have to do some scripting, or pay another organization to support it / do scripting work for you.

The advantage is... you _can_ do a small amount of scripting or programming to add minor additional required functionality.

And a very large number of commercial firewalls do not have config synchronization, except, perhaps between a failover pair, anyways.

Anyways... I can see synchronizing blacklists on a firewall, or having a firewall configured to fetch certain 'drop' rules from an HTTPS URL.

Otherwise: the thought of mass synchronization of lots of firewalls can be bad in that it creates a single point of system compromise; supposing the synchronization source machine were compromised, one dirty rule inserted by an intruder followed by a kick off of the sync mechanism, and then actions to break it/prevent further syncing, defeats the security of the entire deployment....

--
-JH
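An added example, not part of the original message or of any project mentioned in the thread: one way a receiving firewall could limit what a compromised sync source can do, by accepting only bare prefixes (so the feed can add drops but never a pass rule), refusing over-broad or protected ranges, and capping the size of a single sync. The protected range, prefix limits, entry cap and sample feed are constructed assumptions.

```python
import ipaddress

# All values below are constructed for illustration (assumptions, not from the thread).
PROTECTED = [ipaddress.ip_network("192.0.2.0/24")]  # e.g. a management range
MIN_PREFIXLEN = {4: 16, 6: 32}  # refuse anything broader than this
MAX_ENTRIES = 1000              # cap how much one sync may change
GOOD_FEED = "# constructed sample feed\n198.51.100.0/24\n203.0.113.7\n2001:db8:bad::/48\n"


def validate_drop_feed(text, protected=PROTECTED, max_entries=MAX_ENTRIES):
    """Return the fetched feed as a list of networks, or raise ValueError.

    Only bare addresses/prefixes are accepted, one per line, so a tampered
    feed cannot smuggle in rule syntax such as a pass rule.
    """
    nets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # allow comments and blank lines
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=True)
        except ValueError:
            raise ValueError(f"line {lineno}: not a bare prefix: {line!r}") from None
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            raise ValueError(f"line {lineno}: prefix too broad: {net}")
        for p in protected:
            if net.version == p.version and net.overlaps(p):
                raise ValueError(f"line {lineno}: {net} overlaps protected {p}")
        nets.append(net)
    if len(nets) > max_entries:
        raise ValueError(f"{len(nets)} entries exceeds cap of {max_entries}")
    return nets


def render_table_file(nets):
    """Render validated networks one per line, de-duplicated, IPv4 first."""
    ordered = sorted(set(nets), key=lambda n: (n.version, n))
    return "".join(f"{n}\n" for n in ordered)


if __name__ == "__main__":
    print(render_table_file(validate_drop_feed(GOOD_FEED)), end="")
```

The whole feed is rejected on the first bad line, so a partially tampered list is never loaded; the rendered output is a plain list of prefixes that a block rule can reference as a table.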